National Defense Authorization Act Passes the House with Cyber Amendments

During the floor debate, a number of amendments related to cybersecurity were added to the bill. Rep. Mark Walker (R-NC) offered two amendments that both were included in the final bill – one regarding how defense contractors share information on cyber threat indicators with the federal government and a second amendment related to cyber acquisition standards. In addition, Rep. Will Hurd (R-TX) also introduced a successful amendment that would allow the Department of Defense to pay for cyber certifications and training for its cyber professionals.

The Senate Armed Services Committee also marked up its NDAA bill last week. The bill is expected to be considered on the Senate floor this summer. As international relations with Russia and China continue to be contentious and concerns about terrorism continue, we expect the Senate to seek to add additional cybersecurity amendments on the Senate floor.

The latter amendment is highly important to ensure the Department of Defense is capable of retaining its cyber professionals. Since DoD requires people in cyber security positions to hold certifications, it only makes sense for DoD to pay for the certifications and training. DoD has actually done this for quite some time, but recently cut the funding due to a lagging budget.

Last week, the Defense Security Information Exchange officially announced that it would be rebranded as the Defense Industrial Base Information Sharing and Analysis Organization (ISAO). This is the first official ISAO that has been named since President Obama issued his Executive Order in February calling for the creation of a network of ISAOs to share cyber threat information between a variety of public and private sector entities. Other groups, such as the American Bar Association and the state of Virginia, have indicated their interest in creating an ISAO as well.

The U.S. Department of Homeland Security (DHS) will hold a workshop on June 9 in Cambridge, Massachusetts to discuss ISAO engagements and how to form an ISAO. In addition, DHS is working to identify an organization that will set up and manage the ISAO Standards Organization, which is charged with drafting a set of voluntary guidelines for the creation and function of ISAOs. The Department is expected to announce the organization this summer so that it will be fully functioning by this fall.

SCOTT (すこっと)

Scott (すこっと) is a cyber security, threat intelligence strategist, and technology evangelist working and living in Tokyo. In addition to his day job, Scott is fascinated by the future of computing, the technology industry, privacy, encryption, mobile apps, politics, & Japan. Scott enjoys taking pictures with his iPhone and sharing them freely online, primarily on Instagram.